Powpy

**Name of the Vulnerable Software and Affected Versions** WP Customer Reviews versions prior to 3.7.6 **Description** The WP Customer Reviews plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to inadequate input sanitization and output escaping of the `wpcr3 fname` parameter. An unauthenticated attacker can inject arbitrary web scripts into pages, which will execute if a user is tricked into performing an action, such as clicking a malicious link. **Recommendations** Update WP Customer Reviews to version 3.7.6 or later.

**Name of the Vulnerable Software and Affected Versions** Library Management System versions prior to 3.2.2 **Description** The Library Management System plugin for WordPress is susceptible to SQL Injection due to inadequate input validation and query preparation. Specifically, the `bid` parameter is not properly sanitized, allowing attackers to inject malicious SQL code. This can enable unauthenticated attackers to extract sensitive information from the database by appending additional SQL queries to existing ones. **Recommendations** Update the Library Management System plugin to version 3.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** midi-Synth plugin for WordPress versions up to and including 1.1.0 **Description** The midi-Synth plugin for WordPress is susceptible to arbitrary file uploads because of a lack of validation for file types and extensions within the 'export' AJAX action. This allows unauthenticated attackers to upload files to the affected server. Successful exploitation, which requires obtaining a valid nonce, could potentially lead to remote code execution. The nonce is exposed in frontend JavaScript, making it easily accessible to attackers. **API Endpoint:** '/export' **Vulnerable Parameter:** No specific parameters are mentioned, but the issue relates to file uploads handled by the 'export' AJAX action. **Vulnerable Function:** The 'export' AJAX action is vulnerable. **Recommendations** Update the midi-Synth plugin to a version newer than 1.1.0. Disable the midi-Synth plugin if an update is not available.

**Name of the Vulnerable Software and Affected Versions** TableMaster for Elementor versions up to and including 1.3.6 **Description** The TableMaster for Elementor plugin for WordPress is susceptible to Server-Side Request Forgery. This occurs because the plugin does not limit the URLs that can be accessed when importing CSV data from a URL using the Data Table widget. Authenticated attackers with Author-level access or higher can make web requests to arbitrary locations, including localhost and internal network services. Sensitive files, such as `wp-config.php`, can be read through the `csv url` parameter. **Recommendations** Update TableMaster for Elementor to a version later than 1.3.6.

**Name of the Vulnerable Software and Affected Versions** SearchWiz versions prior to 1.0.1 **Description** The SearchWiz plugin for WordPress is susceptible to Stored Cross-Site Scripting through post titles displayed in search results. The issue arises because the plugin utilizes `esc attr()` instead of `esc html()` when displaying post titles, allowing authenticated attackers with contributor-level access or higher to inject malicious web scripts into post titles. These scripts execute when a user performs a search and views the resulting page. The vulnerable component is the handling of post titles in search results. **Recommendations** Update SearchWiz to version 1.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** ConvertForce Popup Builder plugin for WordPress versions up to and including 0.0.7 **Description** The ConvertForce Popup Builder plugin for WordPress is susceptible to Stored Cross-Site Scripting. The issue stems from inadequate input sanitization and output escaping within the Gutenberg block's `entrance animation` attribute. This allows authenticated attackers with Author-level access or higher to inject malicious web scripts into pages. These scripts will then execute when a user accesses the compromised page. The vulnerable parameter is `entrance animation`. **Recommendations** Update the ConvertForce Popup Builder plugin to a version newer than 0.0.7.

**Name of the Vulnerable Software and Affected Versions** Header and Footer Scripts plugin for WordPress versions up to and including 2.2.2 **Description** The Header and Footer Scripts plugin for WordPress is susceptible to Stored Cross-Site Scripting through the ` inpost head script` parameter. Insufficient input sanitization and output escaping allow authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute whenever a user accesses the affected page. The ` inpost head script` parameter is the entry point for this issue. **Recommendations** Update the Header and Footer Scripts plugin to a version newer than 2.2.2.

**Name of the Vulnerable Software and Affected Versions** My Album Gallery plugin for WordPress versions prior to 1.0.5 **Description** The My Album Gallery plugin for WordPress is susceptible to Stored Cross-Site Scripting through the `style css` shortcode attribute. Insufficient input sanitization and output escaping allow authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. **Recommendations** Update the My Album Gallery plugin to version 1.0.5 or later.

**Name of the Vulnerable Software and Affected Versions** QR Code for WooCommerce order emails, PDF invoices, packing slips plugin for WordPress versions through 1.9.42 **Description** The plugin is susceptible to Stored Cross-Site Scripting through its shortcode due to inadequate input sanitization and output escaping of user-supplied attributes. This allows authenticated attackers with contributor-level access or higher to inject malicious web scripts into pages. These scripts will execute when a user accesses the compromised page. **Recommendations** Update the QR Code for WooCommerce order emails, PDF invoices, packing slips plugin for WordPress to a version later than 1.9.42.

**Name of the Vulnerable Software and Affected Versions** Page Expire Popup/Redirection for WordPress plugin versions prior to 1.0 **Description** The Page Expire Popup/Redirection for WordPress plugin is susceptible to a time-based SQL Injection issue. This is due to inadequate escaping of user-supplied input and insufficient preparation of existing SQL queries, specifically through the `id` shortcode attribute. Authenticated attackers with Author-level access or higher can append additional SQL queries to existing ones, potentially extracting sensitive information from the database. **Recommendations** Update the Page Expire Popup/Redirection for WordPress plugin to a version later than 1.0.

**Name of the Vulnerable Software and Affected Versions** Orders Chat for WooCommerce versions through 1.2.0 **Description** A missing authorization flaw exists in Mykola Lukin Orders Chat for WooCommerce, stemming from incorrectly configured access control security levels. This allows for exploitation of the system. **Recommendations** Update Orders Chat for WooCommerce to a version later than 1.2.0.

**Name of the Vulnerable Software and Affected Versions** YoOhw Studio Order Cancellation & Returns for WooCommerce versions through 1.1.10 **Description** An authorization bypass exists due to incorrectly configured access control security levels. This allows exploitation through a user-controlled key. The issue impacts the Order Cancellation & Returns for WooCommerce plugin. **Recommendations** Update YoOhw Studio Order Cancellation & Returns for WooCommerce to a version later than 1.1.10.

**Name of the Vulnerable Software and Affected Versions** MyD Delivery versions through 1.3.7 **Description** An authorization bypass exists in Eduardo Villão MyD Delivery due to incorrectly configured access control security levels. This allows exploitation through a user-controlled key. **Recommendations** Update MyD Delivery to a version later than 1.3.7.

**Name of the Vulnerable Software and Affected Versions** Image Photo Gallery Final Tiles Grid versions prior to 3.6.9 **Description** The Image Photo Gallery Final Tiles Grid plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping in the 'Custom scripts' setting. Authenticated attackers with Author-level access or higher can inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page. **Recommendations** Update Image Photo Gallery Final Tiles Grid to version 3.6.9 or later.

**Name of the Vulnerable Software and Affected Versions** Image Gallery – Photo Grid & Video Gallery plugin for WordPress versions up to and including 2.13.3 **Description** The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is susceptible to unauthorized data modification. A missing capability check within the `add images to gallery callback()` function allows authenticated attackers with Author-level access or higher to add images to Modula galleries belonging to other users. **Recommendations** Update to version 2.13.4 or later. As a temporary workaround, restrict access to the `add images to gallery callback()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Header Footer Script Adder – Insert Code in Header, Body & Footer plugin for WordPress versions through 2.0.5 **Description** The Header Footer Script Adder – Insert Code in Header, Body & Footer plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping in the script adder feature within posts. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. These scripts will execute when a user accesses the compromised page. **Recommendations** Update the Header Footer Script Adder – Insert Code in Header, Body & Footer plugin to a version later than 2.0.5.

**Name of the Vulnerable Software and Affected Versions** Eyewear prescription form plugin for WordPress versions up to and including 6.0.1 **Description** The Eyewear prescription form plugin for WordPress is susceptible to a missing authorization issue. This stems from a lack of proper capability checks on the RemoveItems AJAX action. This allows attackers to delete arbitrary WooCommerce product categories, and their child categories, by manipulating the `catIds` parameter. **Recommendations** Update the Eyewear prescription form plugin to a version beyond 6.0.1.

**Name of the Vulnerable Software and Affected Versions** Premmerce Brands for WooCommerce plugin for WordPress versions through 1.2.13 **Description** The Premmerce Brands for WooCommerce plugin for WordPress has a flaw that allows unauthorized data modification. This is due to a missing capability check within the `saveBrandsSettings` function. Authenticated attackers with Subscriber-level access or higher can modify brand permalink settings. **Recommendations** Update the Premmerce Brands for WooCommerce plugin to a version later than 1.2.13.

**Name of the Vulnerable Software and Affected Versions** WPNakama plugin for WordPress versions up to and including 0.6.3 **Description** The WPNakama plugin for WordPress is susceptible to time-based SQL Injection through the `order by` parameter. Insufficient escaping of user-supplied input and inadequate preparation of existing SQL queries allow unauthenticated attackers to inject additional SQL queries, potentially extracting sensitive information from the database. The vulnerable parameter is `order by`. **Recommendations** Update the WPNakama plugin to a version newer than 0.6.3.

**Name of the Vulnerable Software and Affected Versions** WPMasterToolKit plugin for WordPress versions prior to 2.13.1 **Description** The WPMasterToolKit plugin for WordPress allows authenticated attackers with Contributor-level access or above to execute arbitrary PHP code on the server. This is possible because the plugin permits Author-level users to create and execute PHP code through the Code Snippets feature without sufficient capability checks. Successful exploitation can lead to remote code execution, privilege escalation, and complete site compromise. **Recommendations** Update the WPMasterToolKit plugin to version 2.13.1 or later.